Half of US organisations won’t be prepared for CCPA

At the International Association of Privacy Professionals’ (IAPP) Global Privacy Summit, OneTrust and the IAPP announced the results from research analysing California Consumer Privacy Act (CCPA) preparedness in advance of the regulation’s Jan. 1, 2020 compliance deadline.

The IAPP and OneTrust, surveyed U.S. organisations spanning size and industry, and found that while reputation and consumer privacy are the biggest drivers for CCPA compliance, only 55% of companies plan to be ready by the law’s Jan. 1, 2020 effective date.

Key findings from the research found:

  • Only 55% of those surveyed plan to be ready for the CCPA by its enforcement date: Jan. 1, 2020.
  • Another 25% plan to be ready by July 1, 2020; the date California will begin enforcement actions.
  • The biggest reason organisations are underprepared is due to a lack of time, whereas the biggest motivator for compliance is company reputation.
  • GDPR readiness is paying off: companies with a “high” level of GDPR compliance have early target dates for CCPA compliance (59% will be ready by Jan. 1), while none of the organisations that report “low” GDPR compliance plan to be ready by this same date.
  • Federal pre-emption is unlikely: 47% of those surveyed believe a federal privacy law that pre-empts the CCPA will not be passed by Congress over the next year or two.


“The CCPA is a major moment for the U.S. privacy landscape and our research reveals companies that didn’t need to overhaul privacy practices for GDPR compliance are now struggling to meet the CCPA’s 2020 deadline,” said Kabir Barday, OneTrust CEO

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.